UN Report Strikes Down Gov’t Claims About Encryption

Governments have not proven that encryption is harmful to anti-terrorism efforts, a new UN report says, adding it may be ‘essential’ to free speech. (Yuri Samoilov via Flickr Creative Commons photo, remixed for TheBlot by Matthew Keys)

Digital encryption and privacy is essential to free speech and expression around the world, and efforts by governments to weaken encryption by requiring so-called “back door” access or other circumvention measures undermine such freedoms, according to a newly-released United Nations report.

David Kaye, Special Rapporteur to the U.N.’s Human Rights Council, wrote in the report that encryption and anonymity tools “provide the privacy and security necessary for the exercise of the right to freedom of opinion and expression in the digital age,” and that they “may be essential for the exercise of other rights, including economic rights, privacy, due process, freedom of peaceful assembly and association, and the right to life and bodily integrity.”

Governments who break or outlaw such tools “disproportionately restrict the freedom of expression” of its citizens, the report says, and those governments — including the United Kingdom and the United States — who advocate for pre-installed circumvention measures such as back doors put citizens at risk because they “undermine the security of all users” because such circumvention methods could potentially fall into the wrong hands.

“Back-door access would affect, disproportionally, all users,” Kaye wrote. The report warns that those with technical knowledge — including skilled “bad actors” and “terrorists” — could misappropriate government-sanctioned security holes in digital security, which would undermine the efforts of those governments who advocate for them under the guise of homeland security.

The report comes at a time when first-world governments, including the U.K. and U.S., grapple with how best to advocate for a secure digital ecosystem while at the same time encouraging technology companies to willfully compromise that same security for anyone it considers a bad actor.

Some in government, including FBI Director James Comey, have, at times, come out in support of strong digital encryption. But when Apple and Google announced late last year that they would automatically begin encrypting the data of its smartphone users, Comey sharply attacked the technology companies, saying their decision to value privacy over government capitulation could create a safe harbor for child abusers, murderers and terrorists.

“States [such as the U.K. and U.S.] supporting such measures often claim that a legal framework for back-door access is necessary to intercept the content of encrypted communications,” the report says. “Governments proposing back-door access, however, have not demonstrated that criminal or terrorist use of encryption serves as an insuperable barrier to law enforcement objectives.”

On Thursday, Adm. Mike Rogers, the head of the foreign intelligence apparatus National Security Agency (NSA), acknowledged encryption as a “fundamental part of the future,” but still said it was necessary for the government’s law enforcement agencies to have unfettered access to raw data when it is crucial to protecting life and liberty.

“Can we create some mechanism where within this legal framework there’s a means to access information that directly relates to the security of our respective nations, even as at the same time we are mindful we have got to protect the rights of our individual citizens?” Rogers asked while speaking at a cybersecurity conference in Estonia. “It’s not either-or in the United States. We have to do both.”

Rogers pointed to laws that allow police to place wiretaps and other surveillance devices on phone lines and request phone records without stringent judicial authority that would usually come by way of a warrant.

“Why can’t we create a similar kind of framework within the internet and the digital age?” he asked. “I certainly have great respect for those that would argue that they most important thing is to ensure the privacy of our citizens and we shouldn’t allow any means for the government to access information. I would argue that’s not in the nation’s best long term interest, that we’ve got to create some structure that should enable us to do that mindful that it has to be done in a legal way and mindful that it shouldn’t be something arbitrary.”

Rogers’ suggestion isn’t squarely at odds with those in the U.N. report. In fact, Kaye wrote that certain limitations on encryption and security can be justified by things like “homeland security, public order, public health [and] morals.” But those exceptions “must be precise, public and transparent,” and should be “subject to public comment and only be adopted, if at all, according to regular legislative process.”

Kaye’s report will be presented to the full Human Rights Council in June.